Commit graph

596 commits

Author SHA1 Message Date
teutat3s 20ebf92f1f
loki, promtail, prometheus: remove basic auth, use
wireguard to secure connections
2024-06-01 16:51:14 +02:00
teutat3s a10027ed21
Merge pull request 'Init mail.pub.solar' (#196) from feat/mail into main
Reviewed-on: #196
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-05-31 15:22:28 +00:00
teutat3s 8f46e22636
docs: updates for metronom / mail
All checks were successful
Flake checks / Check (pull_request) Successful in 4m8s
2024-05-31 16:52:04 +02:00
teutat3s 0038be3d2c
metronom: use wireguard IP for SSH, lock down SSH
port access to wireguard only
2024-05-31 16:52:04 +02:00
teutat3s 9a9dccf5bb
mail: move NixOS module to modules 2024-05-31 16:52:04 +02:00
teutat3s fcd9af314e
mail: update teutat3s password 2024-05-31 16:52:04 +02:00
teutat3s c5dfb472f8
style: treefmt 2024-05-31 16:52:04 +02:00
teutat3s 9d8026a31a
mail(treewide): update mail.greenbaum.zone -> mail.pub.solar 2024-05-31 16:52:04 +02:00
teutat3s 1ca1168d7a
mail: switch to mail.pub.solar 2024-05-31 16:52:04 +02:00
teutat3s a3f7afd7a0
docs: add metronom to deploy docs, style: format 2024-05-31 16:52:03 +02:00
teutat3s a424152f94
dns: add test mail records for metronom.pub.solar
DKIM, DMARC, SPF, MX
2024-05-31 16:52:03 +02:00
teutat3s b6f64a1e04
mail: add more @pub.solar mail accounts 2024-05-31 16:52:03 +02:00
teutat3s 9635367c82
dns: add metronom.pub.solar 2024-05-31 16:52:03 +02:00
Benjamin Yule Bädorf 3bcdd33b5a
deploy: use system from host configuration 2024-05-31 16:52:03 +02:00
Hendrik Sokolowski af233793fb
initial work on mail 2024-05-31 16:52:01 +02:00
teutat3s 6d8d34123f
Merge pull request 'ci: add self-hosted runner tankstelle' (#198) from feat/add-tankstelle into main
Reviewed-on: #198
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-05-31 14:49:20 +00:00
teutat3s 2b873f8d3e
Merge pull request 'alerts: alert for uptime after 90 days instead of 30 days' (#199) from alerts-tweak-uptime into main
Reviewed-on: #199
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-31 14:48:12 +00:00
teutat3s 941eff6d87
tankstelle: configure wireguard
All checks were successful
Flake checks / Check (pull_request) Successful in 2m30s
2024-05-30 19:17:21 +02:00
teutat3s b039dec111
ci: update results path to prevent garbage collection 2024-05-30 19:04:40 +02:00
teutat3s 5aa1276e85
ci: add nix to PATH 2024-05-30 19:04:40 +02:00
teutat3s cc70a740a1
ci: run actions runner as normal user 2024-05-30 19:04:40 +02:00
teutat3s 866785ef47
style: format using treefmt 2024-05-30 19:04:40 +02:00
teutat3s 692c152406
gitea-actions-runner: fix PATH in systemd 2024-05-30 19:04:40 +02:00
teutat3s e71cbfc461
ci: add self-hosted forgejo-actions-runner
wip: add git.pub.solar to /etc/hosts

ci: add devshell with Node.js for forgejo actions

ci: add PATH

ci: add HOME
2024-05-30 19:04:13 +02:00
Hendrik Sokolowski 946585d1ca
initial commit of tankstelle
Some checks failed
Flake checks / Check (pull_request) Failing after 1m38s
2024-05-29 14:08:59 +02:00
teutat3s 2eeef069a2
alerts: alert for uptime after 90 days instead
All checks were successful
Flake checks / Check (pull_request) Successful in 3m22s
2024-05-27 16:45:58 +02:00
teutat3s 1235a4f878
Merge pull request 'style: avoid usage of top-level "with lib;"' (#195) from style-avoid-top-level-lib into main
Reviewed-on: #195
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-27 10:03:43 +00:00
teutat3s 9113f995e9
Merge pull request 'Update matrix-synapse, docker and others' (#197) from chore/updates into main
Reviewed-on: #197
2024-05-26 18:45:07 +00:00
teutat3s 04ee83737d
flake: update inputs
All checks were successful
Flake checks / Check (pull_request) Successful in 8m39s
• Updated input 'agenix':
    'github:ryantm/agenix/8d37c5bdeade12b6479c85acd133063ab53187a0' (2024-05-09)
  → 'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e' (2024-05-02)
  → 'github:hercules-ci/flake-parts/8dc45382d5206bd292f9c2768b8058a8fd8311d9' (2024-05-16)
• Updated input 'home-manager':
    'github:nix-community/home-manager/ab5542e9dbd13d0100f8baae2bc2d68af901f4b4' (2024-05-10)
  → 'github:nix-community/home-manager/2c78a57c544dd19b07442350727ced097e1aa6e6' (2024-05-26)
• Updated input 'maunium-stickerpicker':
    'github:maunium/stickerpicker/f59406a47a6778cd402e656ffb64f667335f665a?dir=web' (2022-11-15)
  → 'github:maunium/stickerpicker/47f17fde452b5e9f0c9e96ce0e2c878dd0574b7f?dir=web' (2024-05-18)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/de8b0d60d6fd34f35abffc46adc94ebaa6996ce2' (2024-05-14)
  → 'github:lnl7/nix-darwin/0bea8222f6e83247dd13b055d83e64bce02ee532' (2024-05-24)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/7b19503e7f8c7cc0884fc2fbd669c0cc2e05aef5' (2024-03-25)
  → 'github:srid/nixos-flake/aa9100167350cbdffaa272b0fd382d7c23606b86' (2024-05-22)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/44072e24566c5bcc0b7aa9178a0104f4cfffab19' (2024-05-12)
  → 'github:nixos/nixpkgs/46397778ef1f73414b03ed553a3368f0e7e33c2f' (2024-05-22)
• Updated input 'unstable':
    'github:nixos/nixpkgs/2057814051972fa1453ddfb0d98badbea9b83c06' (2024-05-12)
  → 'github:nixos/nixpkgs/bfb7a882678e518398ce9a31a881538679f6f092' (2024-05-24)
2024-05-26 19:05:23 +02:00
teutat3s a86ce80c47
Merge pull request 'backups: remove droppie' (#194) from backups-disable-droppie into main
Reviewed-on: #194
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-22 16:39:59 +00:00
teutat3s 708cf947de
backups: remove droppie
All checks were successful
Flake checks / Check (pull_request) Successful in 3m22s
There were no backups to droppie since December 2023. We can always add
it back, if desired.
2024-05-19 15:31:20 +02:00
teutat3s c015a1ec2e
style: avoid usage of top-level "with lib";
All checks were successful
Flake checks / Check (pull_request) Successful in 3m2s
See: https://github.com/NixOS/nixpkgs/issues/208242
2024-05-19 15:27:19 +02:00
teutat3s 39221b3874
Merge pull request 'fix: nachtigall wants keycloak' (#192) from fix/keycloak into main
Reviewed-on: #192
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-16 06:17:05 +00:00
teutat3s d7a6da30f5
Merge pull request 'backups: reduce chances for lock race' (#193) from backups-splay into main
Reviewed-on: #193
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-16 06:10:11 +00:00
teutat3s 67b9b84e01
backups: reduce chances for lock race
All checks were successful
Flake checks / Check (pull_request) Successful in 2m16s
Start one backup per hour each night
2024-05-15 21:00:41 +02:00
teutat3s 0cb89a9fe8
fix: nachtigall wants keycloak
All checks were successful
Flake checks / Check (pull_request) Successful in 3m24s
2024-05-15 19:20:06 +02:00
teutat3s 47c9424459
Merge pull request 'Add alertmanager config - part 2' (#189) from alertmanager into main
Reviewed-on: #189
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-15 15:23:59 +00:00
teutat3s e52324209f
alertmanager: fix SMTP secret
All checks were successful
Flake checks / Check (pull_request) Successful in 2m17s
2024-05-15 17:15:46 +02:00
teutat3s bd4241e71d
caddy: use alerts.pub.solar domain for vhost
All checks were successful
Flake checks / Check (pull_request) Successful in 20m47s
2024-05-15 16:17:54 +02:00
teutat3s d1a68a7c13
secrets: fix too open permissions 2024-05-15 16:01:44 +02:00
teutat3s 9245fa6797
alertmanager: finalize init 2024-05-15 16:01:44 +02:00
teutat3s a8a8155114
style: treefmt with nixfmt-rfc-style 2024-05-15 16:01:44 +02:00
Pablo Ovelleiro Corral 11f5557a7a
Add reverseproxy for alerts.pub.solar
Co-authored-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-05-15 16:01:43 +02:00
Pablo Ovelleiro Corral 2679b897a0
Autoformat dns.tf 2024-05-15 16:01:43 +02:00
Pablo Ovelleiro Corral 8b7f547276
Add dns entry 2024-05-15 16:01:43 +02:00
Pablo Ovelleiro Corral 7e2bcfc5cf
Add alertmanager config 2024-05-15 16:01:42 +02:00
teutat3s f9f2b45611
Merge pull request 'secrets: rekey for ryzensun' (#191) from chore/secrets-rekey into main
Reviewed-on: #191
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-15 14:00:54 +00:00
teutat3s ece7c42efc
Merge pull request 'maintenance: update element-web, glibc, nextcloud, php, others' (#190) from chore/updates into main
Reviewed-on: #190
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-15 13:22:24 +00:00
teutat3s f329fbe26d
secrets: rekey for ryzensun
All checks were successful
Flake checks / Check (pull_request) Successful in 10m54s
See #188
2024-05-15 00:22:39 +02:00
teutat3s c2df933174
ci: set pipefail
All checks were successful
Flake checks / Check (pull_request) Successful in 2m8s
Don't add inputs to gc roots
2024-05-15 00:02:51 +02:00